Integrity Scan

What is Integrity Scanning?

Integrity scanning is simple method where you check if the hash value (or the checksum) of the file content equals the expected value. For this to work, you need to have list of hash values, or checksums. Right now, you can get list of checksums for every WordPress release and every plugin available in the WordPress plugins repository. Unfortunately, WordPress themes repository currently doesn’t have themes checksums.

WordPress’ checksums are available for the official WordPress releases only. If you use Alpha, Beta or other development version of WordPress, there will be no checksums to check.

But, we at Dev4Press also have checksum files for every release of the Pro plugins going back 7-8 years, and no other premium plugins company has these checksums for their own plugins (as far as I know). So, if you use any of the Dev4Press Pro plugins along with the coreSecurity Pro, plugin will be able to validate checksums for those plugins.

For this to work, you need to have valid license for coreSecurity Pro, because getting checksums is done via Dev4Press API with registered and valid license code. License code for coreSecurity Pro or Dev4Press Plugins Club is required.

Checksums downloaded from WordPress or Dev4Press, are cached for the period of 7 days. Cache is based on the source, name and version of the checksums file.

How does integrity scanning works?

Once you have the file with the checksums for the WordPress or one of the WordPress plugins you use, coreSecurity Pro will check each file that has the hashed checksum. Plugin loads the content of the file on your website, makes the hash from it, and compares it to the hash in the checksum file. If these two match, that means that the files match and that no changes have been made to the file. And, in turn, that means that we don’t need to check that file for malware, because the file you have on you website has its integrity intact, and it is a valid file.

Integrity Scanner also checks to see if there are some new files or directories added compared to the checksum file. If new files are added that don’t have the checksum, that is a suspicious and such new file or directory will be flagged for the malware scan later.

What are potential integrity scan issues?

The scanning process depends on the availability of the checksum files.

  • For plugins from WordPress.org repository, only officially tagged releases on WordPress repository have checksums.
  • If you are using plugin that is available in WordPress.org repository, but you got the plugin from different source, checksums might not be a match.
  • If you are using plugin downloaded from GitHub, and that plugin is in WordPress.org repository, again, checksums might not match.
  • If you have development versions of the plugin, they may contain additional files or directories that will not be matched by the checksums file.
  • If you use Dev4Press Pro plugins, but these plugins are not downloaded from Dev4Press.com, checksums will most likely not match.
  • If you use plugins from other source (premium plugins not in WordPress.org repository), these plugins have no checksum files, and can’t be checked for integrity.

Is Integrity Scanner Reliable?

Integrity Scanning based on the checksums are highly reliable, and very important to have and use. If the file checksum doesn’t match, it means that file is modified in some way. That doesn’t point to malware or some other malicious code presence, but such file is suspected and will be later checked for malware too.

Analyze Integrity Results

Once the File Scanner finishes, results page, tab Integrity will show WordPress Core and plugins checked for Integrity. Results will be color coded, and each result will contain explanation, list of files and more.

Integrity Scanner Results

There are 4 types of results:

  • Failed: One or more files have failed integrity check. You will see list of these files relative to the WordPress Core or Plugin base directory. Additional lists of added or missing files will be also displayed.
  • Suspicious: All available files have passed integrity check. But, some files are missing, or some files or directories are added that should not be there. They will be listed similar to the Failed result.
  • Skipped: Integrity check was skipped, because there were no valid checksums found for the version in use. This can happen if you use WordPress Beta or Test versions (they don’t have checksums), or you use plugin that is not released properly and is missing checksums.
  • Pass: Integrity check was 100% successfully, and no extra files or directories are found, or missing.

All files that have failed integrity check, and all the added directories and files will be placed in the queue for the malware scanner.

0
0
31
Rate this article

You are not allowed to rate this post.

Leave a Comment